Consumer Threat Alert: Daily Malware Growth At Its Highest Level Ever
An average 60,000 new pieces of malware are detected each day, quadrupling the amount detected in 2007, McAfee warns
Cybercrooks have been busier than Santa’s elves on Christmas Eve, distributing the highest volume of malware ever this year. An average of 60,000 new pieces of malware are produced every day, doubling the amount detected last year (29,000/day), and quadrupling 2007 levels (16,000/day).
One of the most popular lines of attack has been URL (web address) shortening services, which allow cybercrooks to hide dangerous website destinations when posting links on Twitter, Facebook and other social networking sites.
The other main culprit is the Zeus Trojan, which spreads via download or phishing attacks. During the last quarter, the scammers behind Zeus have been quite active, delivering malware through spam email campaigns.
They try to trick recipients into clicking on links to download the malware by pretending to be messages from well-known U.S. brands such as FedEx, the Internal Revenue Service, the U.S. Postal Service and the Social Security Administration.
And, not surprisingly, malicious websites continue to be another popular avenue for cybercriminals. During the third quarter of this year, 60 per cent of the top Google search terms returned malicious sites within the first 100 results, according to McAfee Labs.
With malware at an all-time high, computer users should be aware of these common scams, and how to avoid them.
The Hooks:
URL shortening scam: Scammers research the latest hot topics and trends on sites such as Twitter and Google Trends. They then create malicious links with enticing keywords and shorten them using URL shortening services like bit.ly and TinyURL, so the real link destination is hidden.
Zeus email campaigns: Cybercrooks create spam emails that appear to come from legitimate brands, such as the Social Security Administration and FedEx, informing the recipient that there is a problem with their account or delivery and they need to download an attachment.
Malicious websites: Scammers create phony websites that appear to be legitimate. Some even include real logos from banks and popular online retailers. Their goal is to trick users into thinking they are at a legitimate website so they will enter personal information, such as passwords and credit card numbers, or will initiate a download, hoping to get a desirable file.
The Methods:
URL shortening scam: The cybercrook posts the dangerous link on Twitter. Once you click on the link, you are taken to a site that is designed to spread malware or extract personal information from you.
Zeus email campaigns: The spam emails are sent directly to computer users’ inboxes. If the recipient downloads the attachment, their computer is infected with the Zeus Trojan, or other malware.
Malicious websites: Users can encounter these malicious websites while doing a basic Google search, or by clicking on dangerous banner ads and pop-ups.
The Dangers:
Your computer can be infected and your personal information, including your credit card number and identity information, can be stolen.
Bottom Line:
Be cautious where you click, whether it is on a shortened URL, an email attachment or on search results. Use common sense and tools that will help you identify legitimate links, websites and downloads versus dangerous ones.
Tips to Avoid Becoming a Victim:
- When using social media sites, be cautious when clicking on links, especially if they are posted by someone you do not know and include a shortened URL.
- If you are going to click on a shortened URL, use a URL preview tool such as our free McAf.ee service at http://mcaf.ee, which allows you to see the full website address before you navigate to it.
- If you receive an email that appears to be from a legitimate source, but requires you to download an attachment, be very wary. Remember that legitimate companies would not contact you in this way and ask you to download a file.
- When searching the Web, use a safe search tool, such as McAfee® SiteAdvisor® software, which shows you whether a site is safe to click on, right in your search results.
- Never click on a suspect banner or pop-up ad. Enable the pop-up blocker on your browser to protect you from these threats.
Tips on What to Do If You Have Become a Victim:
You’re a victim, now what?
- To see if your machine has been infected, scan your computer for free using McAfee® Security Scan Plus: http://home.mcafee.com/store/product.aspx?productid=mss
- If you have given your credit card or other personal information to the scammers, immediately call your credit card company to report the issue and place a hold on the card.
- Contact the McAfee® Cybercrime Response Unit at www.mcafee.com/cru, an online help center for advice and technical assistance, if you think you’ve been a victim of a cybercrime.
- Make sure your computer is protected in the future by installing a complete security software suite that includes anti-virus, anti-spyware, and firewall protection, such as McAfee Total Protection™ software.
Ensure that your software is always up to date (enable the “auto-update” feature) and perform regular scans.